Remote Access Enabling Technologies - PowerPoint PPT Presentation

1
Remote Access Enabling Technologies
  • If you can avoid it, don't do it
  • Presentation to GOVIS
  • John Hanson
  • 22 July 2004

2
Remote Access Definition
  • All remote working outside of your internal
    networks
  • Includes
  • Work on devices off-line
  • Work at Home
  • Work from Foreign devices (Internet Cafes)
  • Work outside of NZ
  • Not just PCs, laptops but PDAs, cellphones

3
Comment on Security
  • As a general comment security relies on system
    safeguards, policies, awareness and the external
    environment.
  • With Remote Access you have no control over the
    external environment and often the policies and
    awareness are not there.

4
Understand The Drivers
  • MBMA
  • Technolust
  • General mobility
  • Cheaper access options (Smaller offices)
  • Pressure to work at Home
  • Pressure to access info away from office
  • Greater productivity

5
However, Understand That ...
  • CEs and others don't understand your problems
  • Remote access is a business issue
  • RAS is ONLY an enabler
  • Infrastructure will always be used for other
    things than intended
  • External environment is hostile
  • Remote equipment open to other people
  • There are significant risks, costs

6
Risks
  • Committing to greater level of funding (minor)
  • Remote equipment loss (minor)
  • Network compromised (major for IT)
  • Loss of Information (or compromised), i.e. by
    shoulder surfing, screen scraping or capture
    (MAJOR)
  • All leading to bad PR, non performance,
    increased costs, loss of credibility, broken
    relationships, knocking on door of minister

7
Policies
  • AS/NZS/ISO 17799
  • General security
  • Access Policy (Apps, Network)
  • Security Policy
  • Police checks / security clearances
  • Remote Access (Working) policy
  • Who, How, Conditions, Ownership
  • Potential backdoors, anti virus, software,
    templates
  • Internet and E-mail policy(s)
  • Personal use issues

8
Policies (Cont)
  • IM Policy
  • Accounting Policy
  • Ownership of equipment, who can approve
  • Payment for lines charges, use etc
  • Be aware of FBT

9
IM Issues
  • BIGGEST issue by far
  • Only documents rated Sensitive and below; use
    encryption and harden equipment (firewall, SSL)
  • No oversight by other staff
  • Staff must be aware of obligations
  • Document management, versions, copies
  • Document Security Classification handling
  • Archives Act requirements
  • Droppings left behind: cache, temporary files

10
Legal Issues
  • Are staff still covered while at home or away by
    SOPs?
  • International boundaries
  • OSH: How to measure damage where home office not
    up to scratch. Org is liable
  • Licensing: WAH licences, secondary use
  • Archives Act requirements
  • Sending defamatory material by mistake
  • Passing on viruses to third parties: who has
    obligations?

11
How to Sleep at Night
  • Ensure business understands Remote Working is a
    business issue
  • Each person to get approved
  • Educate ET of risks
  • Awareness programme for staff mngrs
  • Have policies in place
  • Ensure IM issues are sorted

12
IT Things to Manage
  • Ensure RAS implementation is top quality and
    managed
  • Ensure Change Control is implemented
  • Get User Registration process sorted
  • Ensure Technical staff play the game
  • Pay for external QA and testing
  • Have appropriate funding to support RAS
  • Publish Service Levels, manage expectations
  • Look at encryption on laptops, flash drives,
    removable media

13
Role of EGU (GCSB) ?
  • Caveat: Unsure whether some of this is already
    being done
  • To facilitate a Remote Access Lego block
  • To facilitate and make educational material
    available
  • To facilitate and make good practice policy
    available
  • To organise a briefing for Departmental heads of
    the risks of particular architectures,
    particularly Remote Access

14
Questions ?
  • Thank You